Enable web security assessment
-
Introducing ArmourZero Vulnerability Scanner (AVS)
ArmourZero's Vulnerability Scanner is an AI-powered penetration assessment tool that helps developers and security professionals detect weaknesses and vulnerabilities in web applications.
This scanner falls under Dynamic Application Security Testing (DAST): it assesses and tests the web application from an external perspective, which helps you identify vulnerabilities that an attacker may find.
The scan results for all possible vulnerabilities detected are then compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine each vulnerability's severity level. Each possible vulnerability detected is then mapped to the OWASP Top 10 (2021) list, which is the latest standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
There are 5 severity levels for CWE and CVE vulnerabilities:
- Critical
- High
- Medium
- Low
- Information
Add a domain to start using ArmourZero's Vulnerability Scanner (AVS) immediately and find all possible vulnerabilities faster than attackers.
-
How to add and verify domain
To start with ArmourZero's Vulnerability Scanner, simply add the domain of the web application in which you want to find possible weaknesses and vulnerabilities.
Step 1: Add a domain
1. Go to the left menu and select Domains under the MANAGE section.
Notes: Depending on your plan, you can add more than 1 domain.
2. Click "Add Domain" and add the domain, with https:// or http://, that you intend to scan for vulnerabilities. Read the procedure carefully, as this scan simulates attacks in order to identify possible vulnerabilities in your domain.
3. Tick the acknowledgement box and click "Add Domain" once you have confirmed.
Step 2: Verify domain
After you add a domain, you need to verify that you are the owner or authorised domain admin before the scan is allowed to execute.
1. Click on the three dots action icon on the domain that you intend to scan, then select "Verify Domain".
2. There are 2 methods to verify the domain.
Verify Over HTTP/HTTPS
a. A unique verification token will be automatically created for you.
b. Use a Text Editor or Notepad to create a file named based on the unique verification token provided.
c. Upload the file to your web server.
Verify Over DNS Record
a. A unique verification token will be automatically created for you.
b. Create a new DNS Record with the unique verification token provided.
3. Accept the terms and conditions and click "Verify Domain" once you have confirmed.
Step 3: Check domain verification status
1. If Step 2 is completed successfully, the status will automatically change to Verified, as ArmourZero's ScoutTwo will automatically reach out to the domain to verify the permission and authorisation before performing the automated penetration assessment on the web application.
You can trigger the automated penetration assessment scan once the domain is verified. However, the time to complete the scan depends on the size of the web application.
Notes: If the status remains Pending Verification, please check Step 2 again, especially the unique verification token.
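A pre-flight check for Step 2, useful when the status stays at Pending Verification (an added example, not ArmourZero's code). Because this page does not specify them, it assumes the file is served from the web root as `<token>.txt` with the token as its content, and that the DNS record is a TXT record; the token and host below are constructed samples.

```python
# Added example: pre-flight check for the Step 2 verification token.
# ASSUMPTIONS (not from ArmourZero's documentation): the file is served from the
# web root as "<token>.txt" and contains the token; the DNS record is a TXT record.
import codecs
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def token_url(domain_url, token):
    """Build the URL where the token file is assumed to live."""
    return domain_url.rstrip("/") + "/" + token + ".txt"

def fetch(url):
    """Live fetch (follows redirects); returns (final_url, status, first 4 KiB)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.geturl(), resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.url, err.code, b""

def diagnose_http(domain_url, token, final_url, status, body):
    """Return reasons the served file may fail verification (empty list = OK)."""
    problems = []
    if urlsplit(final_url).hostname != urlsplit(domain_url).hostname:
        problems.append("redirected to a different host")
    if status != 200:
        return problems + [f"HTTP status {status}"]
    if body.startswith(codecs.BOM_UTF8):  # some editors prepend a BOM on save
        problems.append("UTF-8 byte-order mark before the token")
        body = body[len(codecs.BOM_UTF8):]
    text = body.decode("utf-8", errors="replace").strip()
    if text != token:
        problems.append("token wrapped in other content" if token in text
                        else "token missing from response body")
    return problems

def diagnose_dns(txt_values, token):
    """Check TXT values (as returned by your resolver) for an exact token match."""
    cleaned = [v.strip().strip('"') for v in txt_values]
    if token in cleaned:
        return []
    if any(token in v for v in cleaned):
        return ["token present but the record has extra characters"]
    return ["no TXT record carries the token"]

# Constructed sample values, not real tokens or hosts.
TOKEN = "az-verify-0123456789abcdef"
SITE = "https://app.example.com"
```

For a live check, call `diagnose_http(SITE, TOKEN, *fetch(token_url(SITE, TOKEN)))` with your own domain and token, and pass the TXT values from your resolver to `diagnose_dns`.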
-
How to trigger AVS scan
Once the domain has been successfully verified, you can trigger ArmourZero's Vulnerability Scanner to scan for weaknesses and vulnerabilities in the web application. Depending on your subscribed plan, you can trigger multiple scans at the same time. However, the time to complete the scan depends on the size of the web application.
Add new scan domain
1. Go to the left menu and select AVS under the Vulnerability Scanner section.
2. Click "Scan New Domain". This step is needed even if you have added the same domain earlier, as each scan has to be triggered manually.
3. Select the verified domain that you intend to scan. Please read the recommendation provided in detail. If your domain has not yet been verified, please visit how to add and verify domain.
4. Once you have confirmed the selected domain, accept the terms and conditions and click "Scan Domain".
Notes:
Depending on your plan, you can add more than 1 domain to scan at the same time.
ArmourZero's Vulnerability Scanner will immediately scan for weaknesses and vulnerabilities in the web application once you have triggered the scan. However, the time to complete the scan depends on the size of the web application. You can view the scan results once the scan is completed.
As this scan is a penetration assessment tool that simulates real-time attacks to find weaknesses and vulnerabilities, each scan has to be triggered manually.
-
How to view and mitigate vulnerabilities
You can easily view the scan results for all domains after you have triggered the scan. As a reminder, because this scan is a penetration assessment tool that simulates real-time attacks to find weaknesses and vulnerabilities, each scan has to be triggered manually.
Step 1: Select the scanned domain
1. Go to the left menu and select AVS under the Vulnerability Scanner section. You will see a list of the scanned domains that you triggered earlier.
Each scanned domain comes with the following information:
a. Scanned date
b. Status of the scan
c. Scan results based on severities
2. Click on the domain whose scan results you want to view in detail.
3. The AVS scan report is summarised into 5 severity levels for CWE and CVE vulnerabilities: Critical, High, Medium, Low and Information.
Step 2: View details of vulnerabilities detected
There are 2 ways to view details of vulnerabilities detected.
1. Click on "Vulnerabilities Detected" (default selection).
All scan results for possible vulnerabilities detected are automatically compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine each vulnerability's severity level.
Each possible vulnerability detected is automatically mapped to the OWASP Top 10 (2021) list, which is the latest standard awareness document for developers and web application security.
You can easily view your web application's latest compliance status based on each set of scan results.
Step 3: Mitigate vulnerabilities
1. Click on "Mitigation & Task Assignment". Here you can sort the list by the severity that you intend to focus on.
2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task to team members and follow the mitigation status.
There are 2 main parts of mitigation:
Part 1
- AI False Positive Detector - checks the finding against the AI's analysis in real time to ensure the detected vulnerability is not mistakenly identified as a threat or risk.
- Task management - assigns the task to team members to fix, and tracks the mitigation progress and status.
Part 2
- Vulnerability's type and information - lists detailed information about the vulnerability found.
- Generated By AI - shows the AI's analysis and its recommended remediation in real time.
Notes:
Each vulnerability detected has its own characteristics, type, severity and risk to you and your company. That is why each vulnerability has its own remediation to work on. Take some time to learn about ArmourZero's AI-powered false positive detector and recommended remediation in the links provided above.